I would like to avoid using chroot because it implies my dummy-shell
must run in suid root. Furthermore, it forces to create a jail with the
binaries and libraries inside. I was thinking to this solution to avoid
doing this. Do you think there are some security issues using realpath
instead of chroot ?
Dmitry V. Levin wrote:
Hi,
On Tue, Dec 28, 2004 at 04:53:45PM +0100, Bob wrote:
I have very special needs and i wanted to use rsync over ssh. I don't
know if a solution already exists for what i want to do. I want to
provide rsync over ssh to my users. Howevern i want to have the
following limitations :
1. No shell access
2. Limitting users to their home directories
I was thinking to the folowing solution, but i don't know if it is
secure enough :
Create a dummy-shell sor ssh login that only allow the rsync --server
--sender command. Then i get the path of the wanted files, and i appened
it to the home directory of the user. Ex : the user requests /test, i
give him : /home/usrname/test
Then i uses the realpath function to canonicalize the path and i check
that it really begins with /home/usrname to prevent users from getting
files outside of their home directory.
I execute the rsync command with the new built path...
I think this should work but i would like to know what do you think
about security.
Use chroot(2) to get more robust solution.
See also ftp://ftp.altlinux.org/pub/people/ldv/rshell/
6 messages in org.samba.lists.rsyncRestricting rsync over ssh
